Install the Microsoft HPC Pack Web Components

Starting with HPC Pack 2008 R2 with SP2, you can install and configure the HPC Pack web components. The web components include the following:

The Windows HPC Server Web Portal, which cluster users can use to submit and manage jobs

An interface to the HPC Job Scheduler Service using an HTTP web service that is based on the representational state transfer (REST) model

Note

The HPC Pack web components can only be installed on the head node of the cluster.

When the administrator and HPC Server Web Portal are all on the Head Node, the administrator can test how the users see the portal and get access as an administrator by running Internet Explorer with elevated privileges (“Run as administrator”). If an administrator is accessing the HPC Server Web Portal from a server other than the Head Node, then the administrator should connect to the portal with administrative credentials.

To install the HPC Pack web components, you must use the installation file HpcWebComponents.msi. HpcWebComponents.msi is included in HPC Pack installation files available at the Microsoft Download Center, or in the HPC Pack installation media.

First, run the HpcWebComponents.msi installation program on the head node computer. Follow the steps in the wizard.

Note

If you have configured the head node of your cluster for high availability in the context of a failover cluster, run HpcWebComponents.msi first on the active head node, and then on the passive head node.

To communicate with web clients over Secure Sockets Layer (SSL), the HPC web components use an SSL certificate that is bound to the port that is used for communication (port 443 by default). If a certificate is not already bound to this port, you must specify the thumbprint of a X.509 certificate during the configuration of the web components. It is recommended that you obtain a trusted certificate from an appropriate certification authority, but you can generate and install a temporary certificate for testing purposes. If you choose to generate and install a temporary certificate for use with the web components, see How to: Create Temporary Certificates for Use During Development. Optionally, when you run the configuration script Set-HPCWebComponents.ps1 (which is installed when you run HpcWebComponents.msi), you can choose to generate and install a self-signed certificate, which you may also find useful for testing or proof-of-concept deployments.

Important

If you use a trusted certificate or a temporary certificate, ensure that you import it to the Trusted Root Certification Authorities Store of the local computer account on the head node. If you have configured your head node for high availability in the context of a failover cluster, import it to the Trusted Root Certification Authorities Store on both head node computers.

If you need to replace a certificate that is already bound to the port that you want to configure for the web components, you must first delete the existing certificate bindings. To do this, you can use the netsh http delete sslcert command. For more information about managing SSL certificates, see How to: Configure a Port with an SSL Certificate.

To configure the Windows HPC Server Web Portal and the REST interface, you must run the provided HPC PowerShell script %CCP_HOME%\bin\Set-HPCWebComponents.ps1. When you run the script, you specify parameters as indicated in the following table:

Parameter

Description

-Service <ComponentType>

Configures the component specified by <ComponentType>. Valid values are Portal or REST. You can omit “-Service”.

Note

When setting up the Portal, the script adds the Web Services (IIS) role and the necessary IIS role features on the head node computer, if they are not already installed. It also configures IIS settings that enable SSL communication

When setting up the REST interface, the script configures and starts the HPC Web Service.

-enable | -disable

Enables or disables a component.

-Port <PortNumber>

Configures the component to use the specified port <PortNumber>. If the parameter is not specified, the script configures port 443 by default.

-Certificate <CertThumbprint>

Binds the SSL certificate specified using the thumbprint <CertThumbprint>.

Important

If a certificate is already bound on port <PortNumber>, you can configure this certificate either by specifying the correct <CertThumbprint> or by omitting the –Certificate parameter. You cannot configure a different certificate unless you delete the existing certificate binding.

If no certificate is bound on port <PortNumber>, you are prompted to type the number of a certificate from the list of available server authentication certificates. If you want the script to generate and configure the component with a self-signed certificate, type 0.

You can configure the same certificate for the HPC Server Web Portal and the REST interface, but this is not required.

-AuthenticationMethod <Method>

Configures the component to use a specified authentication method. Valid values are Basic or NTLM. If the parameter is not specified, the script configures Basic authentication by default.

Choose one of the following two procedures to set up the web components:

To configure the web components on a head node configured for high availability in a failover cluster

Start HPC PowerShell as an administrator.

To configure the web components on the active head node of the failover cluster, follow steps 2 – 6 in the preceding procedure to configure the HPC Server Web Portal and the REST interface.

If you generated and configured a self-signed certificate on the active head node for the web components, export the certificate as a .cer file and import it on the other head node by performing the following steps:

On the active head node, click Start, click Run, and then type mmc to start the Microsoft Management Console.

Follow the pages of the wizard to import the .cer file from the location where you stored it, into the Personal certificate store.

If you configured a certificate other than a self-signed certificate for the web components on the active head node, ensure that you have imported this certificate on the other (inactive) head node of the failover cluster.

If you have not already done so, fail over to the other head node in the failover cluster (the head node on which you have not already run the Set-HPCWebComponents.ps1 script).

Start HPC PowerShell as an administrators.

To configure the web components on the active second node of the failover cluster, follow steps 2 – 6 in the preceding procedure to configure the HPC Server Web Portal and the REST interface.

Important

Ensure that you configure the same certificate and port bindings that you configured on the other head node in the failover cluster.

If the script generated and configured a self-signed certificate on the other head node, do not type 0 to generate a self-signed certificate on the current head node. Type the number that corresponds to the name of the certificate that you imported from the other head node.

Run the Set-HPCWebComponents.ps1 HPC PowerShell script so that the available certificates are displayed. Type:

.\Set-HPCWebComponents.ps1 Portal -enable

When prompted, type the number of a certificate in the list of available certificates. Choose the number that corresponds to the certificate that you configured on the other head node in the failover cluster.

Important

If the script generated and configured a self-signed certificate on the other head node, do not type 0 to generate a self-signed certificate on the current head node. Type the number that corresponds to the name of the certificate that you imported from the other head node.

To confirm that the Windows HPC Server Portal is configured properly, open a browser, then browse to the portal at the following address:

On a single head node (one that is not configured for high availability): https://<HeadNodeName>:<PortNumber>/hpcportal. where <HeadNodeName> is the computer name of the head node and <PortNumber> is the port that is bound by the SSL certificate

On a head node configured for high availability: https://<FQVN>:<PortNumber>/hpcportal, where <FQVN> is the fully qualified virtual name of the failover cluster for the head nodes and <PortNumber> is the port that is bound by the SSL certificate. Example: VirtHN.contoso.com.

Note

You must enable AJAX (active scripting) in your browser to view the portal content. For more information, see How to enable scripting in your browser (http://go.microsoft.com/fwlink/p/?LinkId=217076).

If you generated a self-signed certificate to configure HPC Server Web Portal, you may see certificate errors or warnings in your browser when you try to access the portal. To avoid this, you can export the self-signed certificate from the Personal certificate store of the local computer account on head node, and import it in the Trusted Root Certification Authorities certificate store on the computer where you are accessing the portal.

If you configured the portal on a head node configured for high availability in the context of a failover cluster, the state of the web portal does not persist if the head node fails over. Any clients that connect to the portal must refresh their connections.